Configuration

CVE-2010-3315

Medium

6/10

Summary

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-16 - Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

References

Advisory Timeline

Published Oct 04, 2010

Configuration

CVE-2010-3315

Summary

CWE-16 - Configuration

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS